Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-6312 EXPLOITDB text
Login Widget With Shortcode < 3.2.1 - CSRF and Stored XSS via custom_style_afo
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.
by dxw
CVE-2014-6242 EXPLOITDB text
All In One WP Security & Firewall <3.8.3 - SQL Injection
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CVE-2014-6308 EXPLOITDB text VERIFIED
OsClass < 3.4.2 - Path Traversal via File Parameter in oc-admin/index.php
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
by Netsparker
CVE-2014-8307 EXPLOITDB text
C97net Cart Engine < 3.0 - Cross-Site Scripting via Path Parameter or Print This Page Variable
Multiple cross-site scripting (XSS) vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter in the "drop down TOP menu (with path)" section or (2) print_this_page variable in the footer_content_block section, as demonstrated by the QUERY_STRING to (a) index.php, (b) checkout.php, (c) contact.php, (d) detail.php, (e) distro.php, (f) newsletter.php, (g) page.php, (h) profile.php, (i) search.php, (j) sitemap.php, (k) task.php, or (l) tell.php.
by Quantum Leap
CVE-2014-7910 EXPLOITDB text VERIFIED
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Stephane Chazelas
CVE-2014-7910 EXPLOITDB php VERIFIED
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Prakhar Prasad & Subho Halder
EIP-2026-101899 EXPLOITDB perl
Nucom ADSL ADSLR5000UN - ISP Credentials Disclosure
by Sebastián Magof
CVE-2014-7910 EXPLOITDB ruby VERIFIED
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Shaun Colley
CVE-2013-0928 EXPLOITDB ruby VERIFIED
EMC AlphaStor 4.0 - Remote Code Execution via DCP Run Command Operation
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
by Metasploit
CVE-2014-2364 EXPLOITDB ruby VERIFIED
Advantech WebAccess < 7.2 - Remote Code Execution via Long String in ActiveX Control Parameters
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
by Metasploit
EIP-2026-116582 EXPLOITDB python
WS10 Data Server - SCADA Overflow (PoC)
by Pedro Sánchez
CVE-2014-5258 EXPLOITDB text
webEdition CMS < 6.3.8.0 - Authenticated Path Traversal via showTempFile.php file Parameter
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
by High-Tech Bridge SA
CVE-2014-6619 EXPLOITDB text
Restaurant Script PizzaInn_Project 1.0.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.
by Kenneth F. Belva
EIP-2026-108434 EXPLOITDB python
Joomla! Component com_macgallery 1.5 - Arbitrary File Download
by Claudio Viviani
EIP-2026-108344 EXPLOITDB python
Joomla! Component com_facegallery 1.0 - Multiple Vulnerabilities
by Claudio Viviani
EIP-2026-107439 EXPLOITDB text
Glype 1.4.9 - Local Address Filter Bypass
by Securify
EIP-2026-107438 EXPLOITDB text
Glype 1.4.9 - Cookie Injection Directory Traversal Local File Inclusion
by Securify
EIP-2026-102145 EXPLOITDB perl
ZYXEL Prestig P-660HNU-T1 - ISP Credentials Disclosure
by Sebastián Magof
EIP-2026-100469 EXPLOITDB python
Onlineon E-Ticaret - Database Disclosure
by ZoRLu
CVE-2009-3542 EXPLOITDB text VERIFIED
LittleSite 0.1 - Path Traversal and Arbitrary File Execution via File Parameter
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
by Eolas_Gadai
CVE-2014-6607 EXPLOITDB text
M/Monit <3.3.2 - Privilege Escalation
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
by Dolev Farhi
EIP-2026-116225 EXPLOITDB python
Seafile-server 3.1.5 - Remote Denial of Service
by nop nop
EIP-2026-115236 EXPLOITDB perl
Fast Image Resizer 098 - Local Crash (PoC)
by niko sec
EIP-2026-113007 EXPLOITDB text
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection
by Dave
CVE-2014-6409 EXPLOITDB text
m/monit < 3.3.2 - Cross-Site Request Forgery via User Update Endpoint
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update.
by Dolev Farhi